[HELP] svchost.exe bypassing application firewall rules

I have firewall rules setup on svchost.exe to allow port 53, 67, 1900 multicast, 5355 multicast, 123, local addresses and to block everything else. Everything was fine but over the last couple of months I have noticed that some web pages would not load until repeated reloads and outlook would not connect to my pop mailbox. All of this was random. I put a ask rule just above the block and then checked my mail and svchost.exe was asking for access to my pop mailbox.
Could someone please tell me why outlook would not connect directly and go through svchost.exe.
If I give svchost.exe full access everything seems to work fine but I might as well not have a firewall if applications just go through svchost.

EDIT: I may have found a solution. I disabled the dns client service and now it works as expected. Each application connects to the internet rather than going through svchost. Even firefox makes dns connections now, I am sure before all dns went through svchost.

I now have a strange problem that if I have svchost setup as before only allowing certain ports and blocking all others I get random connection problems most noticeable in firefox. When allowing svchost full outgoing access all is fine although I just did a manual update check on Sandboxie and commodo asked for access to port 53 and nothing else and completed the update check which would normally be done on port 443. I know this is not really comodo’s problem but could someone please tell me what is the point of a firewall on windows 10 if it just get bypassed by svchost.

I am not sure if it’s related to my problem, but I sometimes have to disable Comodo Firewall entirely to be able to connect. However my svchost rule is to allow everything so it might be a different problem.

Probably not related but, have you disabled probe requests? [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet] “EnableActiveProbing”=dword:00000000

I started to notice the random drops maybe 2 or 3 updates ago in version 10. Another problem was that randomly again when starting some programs they would take over 10 seconds to even start to load after clicking the icon. It was like it was checking the program on the cloud (even if I have that switched off) and just waiting to time out. I updated to version 11 but encountered another problem of excessive cpu usage so I downgraded to version and so far all problems are gone even with svchost restricted.

I checked the active probing key and it is already disabled.